A New Vulnerability In RSA Cryptography

A new vulnerability associated with RSA cryptography has been found, which works by spying the CPU internals with a spy program running on the same computer as the crypto application. Dedicated systems (like CAcert´s certificate generation) are not affected, only multi-tasking and multi-user systems are affected.


A New Vulnerability In RSA Cryptography

   Posted by kdawson on Saturday November 18, @04:45PM
   from the predictions-of-trouble dept.

   romiz writes, “Branch Prediction Analysis is a recent attack vector
   against RSA public-key cryptography on personal computers that relies
   on timing measurements to get information on the bits in the private
   key. However, the method is not very practical because it requires
   many attempts to obtain meaningful information, and the current
   OpenSSL implementation now includes protections against those attacks.
   However, German cryptographer Jean-Pierre Seifert has announced [1]a
   new method called Simple Branch Prediction Analysis that is at the
   same time much more efficient that the previous ones, only needs a
   single attempt, successfully bypasses the OpenSSL protections, and
   should prove harder to avoid without a very large execution penalty.”
   From the article: “The successful extraction of almost all secret key
   bits by our SBPA attack against an openSSL RSA implementation proves
   that the often recommended blinding or so called randomization
   techniques to protect RSA against side-channel attacks are, in the
   context of SBPA attacks, totally useless.” [2]Le Monde interviewed
   Seifert (in French, but Babelfish works well) and claims that the
   details of the SBPA attack are being withheld; however, a PDF of the
   paper is linked from the [3]ePrint abstract.

  1. http://eprint.iacr.org/2006/351
  3. http://eprint.iacr.org/2006/351

Leave a Reply